Abstract— The aim of this research is to overcome the ambiguity of the Michael O. Rabin Cryptosystem. The Rabin cryptosystem often generates the same ciphertext from different plaintexts as well as multiple plaintexts from a single ciphertext; this problem arises from modular reduction arithmetic. Separating a particular ciphertext from the same ciphertext generated from different plaintexts is quite cumbersome. To answer the question of how to distinguish a particular ciphertext for every plaintext, this paper presents a new mathematical model that generates a specific ciphertext for each plaintext. This mathematical model is a symmetric cipher because it encrypts and decrypts messages with a symmetric key. The model consists of three algorithms: key generation, encryption, and decryption. The Diffie-Hellman key exchange protocol is used for key generation. The encryption depends on the floor value of the quadratic quotient and the quadratic residue. The decryption relies on computing the absolute value of the square root of an expression that multiplies the key with the floor value of the quadratic quotient and adds the quadratic residue. The advantage of the proposed model is that the intended receiver gets only one plain value, distinguishing the ciphertext against the plaintext. The idea came to mind while reviewing a research article on the Michael O. Rabin Cryptosystem. Computational and exploratory research approaches were applied in this research. Data collection methods were a literature review, an online survey questionnaire, and a focus group discussion. The population of this research work was university professors.


Index Terms—Cryptography, Cryptosystem, Encryption, Decryption, Diffie-Hellman key exchange protocol, Euclidean algorithm. 


1 INTRODUCTION 


A cryptosystem usually consists of several algorithms: key generation, encryption, and decryption algorithms. The security of a cryptosystem mainly relies on a secret key. Michael O. Rabin Cryptosystem was the first asymmetric cryptosystem in the field of public-key cryptography. The security of Rabin's encryption mechanism relies on prime integer factorization. Since its publication in January 1976 and 1979 by Michael O. Rabin, a huge number of surveys have been carried out over Rabin's cryptosystem to find out its efficiency and devise a new method for a real-life application [1, 2]. It was not widely used due to some ambiguity; however, its theoretical significance is widespread. The encryption mechanism used quadratic residue to produce cipher text, and decryption was accomplished by computing two square roots and Bezout's coefficient using the extended Euclidean algorithm and combining them with the Chinese remainder theorem. Similarly to the RSA and ElGamal cryptosystems, the Michael O. Rabin cryptosystem is described in a ring under addition and multiplication modulo a composite integer number. One of the main disadvantages is that it generates four results during decryption, and extra effort is needed to sort out the right one out of the four possibilities. In addition to that, Rabin's cryptosystem often generates the same ciphertext from different plaintexts. This is one of the limitations that arise in modular reduction arithmetic. Thus, the motivation for conducting research on this topic is to overcome the ambiguity of Rabin's cryptosystem. For this reason, it is necessary to design a new mathematical model to overcome the ambiguity. To do that, this research paper presents a new mathematical model based on the Diffie-Hellman key exchange protocol [3], the concept of square modular arithmetic, a square root, the floor function, and absolute value. This idea originated from a research gap identification period, particularly when reviewing Rabin's cryptosystem. In the beginning, designing a mathematical model that could efficiently separate each ciphertext from each plaintext was quite cumbersome. Of course, continuous effort gets the task accomplished. In the proposed cryptosystem, the encryption is done by hashing the message twice, i.e., $C = (H_1 = m^2 \bmod K,\ H_2 = \lfloor m^2 / K \rfloor)$, and decryption is done by $D = |\sqrt{H_2 \cdot K + H_1}|$. The advantage of this cryptosystem is that the intended receiver gets only one desired plaintext with this technique, whereas Rabin's cryptosystem generates four different decryption results. This research outcome is very significant for the field of cryptography.


* https://doi.org/10.14299/ijser.2019.06.08 


IJSER © 2019 
http://www.ijser.org 


International Journal of Scientific & Engineering Research, Volume 10, Issue 06, June-2019 597 


ISSN 2229-5518 


The rest of the article is organized as follows: Section 2 contains a literature review; Section 3 proposes a mathematical model; Section 4 provides discussion; Section 5 gives a conclusion; Section 6 gives acknowledgement; and the last section provides references as well as an appendix as a reference for ASCII values.


2 LITERATURE REVIEW 


The literature review section provides a thorough discussion of Michael O. Rabin's cryptosystem and the contributions made by other researchers to it. First of all, let us start with an overview of Rabin's cryptosystem [4]. In this system, to establish a secret communication between two entities, one of the entities creates a public key with its corresponding private key in the following way and then encrypts and decrypts the message:


Algorithm for Key generation: Entity A should take the following steps in order to generate the public key:


1. Generate two large and distinct random prime numbers p and q, each roughly the same size.
2. Compute $N = p \cdot q$ as her public key.


Algorithm for Rabin's public-key encryption: When entity B encrypts a message (m) for entity A, entity B should perform the following steps:


1. Obtain A's authentic public key N.
2. Represent the message as an integer m in the range $\{0, 1, \ldots, n - 1\}$.
3. Compute ciphertext $c = m^2 \bmod N$.
4. Send the ciphertext to A.


Algorithm for Rabin public-key Decryption: To recover plaintext (m) from ciphertext (c), A must locate the four square roots of c modulo n: $m_1$, $m_2$, $m_3$, and $m_4$. One of the four square roots $m_1$, $m_2$, $m_3$ and $m_4$ will be the sent message. A determines which of the four square roots is m by identifying the bits that replicate, in the following way:


1. Use the extended Euclidean algorithm to find integers $Y_p$ and $Y_q$ satisfying the expression $p \cdot Y_p + q \cdot Y_q = 1$.
2. Compute $M_p = c^{(p+1)/4} \bmod p$.
3. Compute $M_q = c^{(q+1)/4} \bmod q$.
4. Compute $x = (Y_p \cdot p \cdot M_q + Y_q \cdot q \cdot M_p) \bmod N$.
5. Compute $y = (Y_p \cdot p \cdot M_q - Y_q \cdot q \cdot M_p) \bmod N$.
6. The four square roots are $+x$, $-x$, $+y$ and $-y \bmod N$.


To better understand this mathematical concept, let's now look at an example of the aforementioned algorithm. In the key generation step, an entity A chooses two prime numbers $p = 277$ and $q = 331$, and generates the public key $N = p \cdot q = 91687$. In the encryption process, the last six bits of original messages must be replicated prior to encryption. In order to encrypt the 10-bit message (m) = 1001111001, B replicates the last six bits of the original message (m) to obtain the 16-bit message (m) = 1001111001111001, which in decimal notation is (m) = 40569. The entity B then computes $C = m^2 \bmod N = 40569^2 \bmod 91687 = 62111$ and sends this to the entity A. In the decryption process, A uses the aforesaid algorithm and her knowledge of the factors of N to compute the four square roots of $C \bmod N$: $m_1 = 69654$, $m_2 = 22033$, $m_3 = 40569$, and $m_4 = 51118$. Their binary format is $m_1 = 10001000000010110$, $m_2 = 101011000010001$, $m_3 = 1001111001111001$, and $m_4 = 1100011110101110$. Entity A decrypts c to $m_3$ and recovers the original message (m) = 100111100 because only $m_3$ possesses the necessary redundancy.


Now let us examine an additional mathematical interpretation of Rabin's cryptosystem. It consists of three steps: encryption, decryption, and key setup. During the key generation phase, Alice chooses two random prime numbers, P and Q, to use as her private keys. She then multiplies the two private keys to get the public key, i.e., $N = P \cdot Q$. Additionally, she picks a random integer $b$ ($0 < b < N$) and publicizes $(N, b)$ as her public key. In the encryption process, Bob, the sender, generates the ciphertext using the expression $C = m(m + b) \bmod N$. In this case, b is only used for security purposes. In the decryption step, Alice solves the quadratic equation $m^2 - m \cdot b + c \equiv 0 \pmod N$ to decrypt the ciphertext. The decryption involves computing square roots modulo N, that is, solving $m^2 \equiv a \pmod N$. This is performed by solving $M_p = m^2 \equiv a \pmod p$ and $M_q = m^2 \equiv a \pmod q$: pick a random integer b in the range $0 \ldots p$ and compute the Legendre symbol $(b^2 - 4a)/p$, i.e., $(b^2 - 4a)^{(p-1)/2} \bmod p$ with the result $p - 1$ replaced by $-1$, until it is $-1$. Now set up the second-degree polynomial $f$, and then compute the polynomials $x^{(p+1)/2} \bmod f$ and $x^{(q+1)/2} \bmod f$ using polynomial arithmetic modulo the polynomial $f$. Compute Bezout's coefficient using the extended Euclidean algorithm, and then combine these results with the Chinese remainder theorem to arrive at four possible solutions in most cases and pick the right one in some way.


Let us see an example. In the first step, calculate the public key $N = p \cdot q = 1273$ by choosing two random prime numbers: $p = 41$ and $q = 53$. Then, assume a message (m) = 92. Calculate the ciphertext $c = m^2 \bmod N = 1945$. Now compute $M_p = m^2 \equiv a \pmod p = 18$ and $M_q = m^2 \equiv a \pmod q = 37$.

In the second step, select a random number $b = 2$ satisfying the condition and set up a polynomial $f = x^2 - b \cdot x + M_p$ with coefficients in $\mathbb{Z}_{41}$, that is $f = x^2 + 39x + 18$. Similarly, let's set $b = 4$ satisfying the condition and set up a polynomial $f = x^2 + 49x + 37$ with coefficients in $\mathbb{Z}_{53}$, where x is the variable of the polynomial and has no particular value.

In the third step, compute the polynomial $x^{(p+1)/2} \bmod f = x^{21} \bmod f$. The binary representation of the exponent (21) is 10101, so compute $x^2$, $x^4$, $x^5$, $x^{10}$, $x^{20}$ and finally $x^{21} \bmod f$ by left-to-right binary exponentiation. Computation of $x^2 \bmod f$: $x^2 - (x^2 + 39x + 18) = 2x + 23$. Computation of $x^4 \bmod f$: $4x^2 + 10x + 37 - 4(x^2 + 39x + 18) = 18x + 6$. Computation of $x^5 \bmod f$: $18x^2 + 6x - 18(x^2 + 39x + 18) = x + 4$. Computation of $x^{10} \bmod f$: $(x + 4)^2 \bmod f = 10x + 39$. Computation of $x^{20} \bmod f$: $(10x + 39)^2 \bmod f = 37x + 8$. Computation of $x^{21} \bmod f$: $37x^2 + 8x \bmod f$. Finally, the x term vanishes, leaving 31. Thus, $m^2 \equiv a \pmod p$ has solution $M \in \{10, 31\} \pmod p$.

In the fourth step, compute the polynomial $x^{(q+1)/2} \bmod f$, that is $x^{27} \bmod f$, using polynomial arithmetic modulo the polynomial $f$. The binary representation of the exponent (27) is 11011, so compute $x^2$, $x^3$, $x^6$, $x^{12}$, $x^{13}$, $x^{26}$ and finally $x^{27} \bmod f$ by left-to-right binary exponentiation. Then apply the same computation as in the third step and solve $m^2 \equiv a \pmod q$, with solution $M \in \{14, 39\} \pmod q$.

In the fifth step, compute Bezout's coefficient using the extended Euclidean algorithm: $Y_p = 22$, $Y_q = -17$.

In the sixth step, compute the four roots: $R_1 = (Y_p \cdot p \cdot M_q + Y_q \cdot q \cdot M_p) \bmod N = 728$, $R_2 = -R_1 \bmod N = 1445$, $R_3 = (Y_p \cdot p \cdot M_q - Y_q \cdot q \cdot M_p) \bmod N = 2081$, and $R_4 = -R_3 \bmod N = 92$. Thus, using the Chinese remainder theorem yields the four possible outcomes: {728, 1445, 2081, 92}.
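The two decryption procedures above, carried through in Python as an added example (not code from the paper): square roots modulo each prime are taken with the polynomial method, because the worked primes 277, 41 and 53 are congruent to 1 modulo 4 and the $c^{(p+1)/4}$ shortcut only applies to primes congruent to 3 modulo 4. The function names and the deterministic search for b (counting up from 1 instead of choosing at random) are assumptions of this example.

```python
# Added example (not from the paper): Rabin decryption into four square roots.

def sqrt_mod_prime(a, p):
    """Return one square root of a modulo an odd prime p, or None."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:        # Euler's criterion: non-residue
        return None
    # Find b whose Legendre symbol (b^2 - 4a | p) is -1, i.e. p - 1.
    # The text picks b at random; counting up from 1 is an assumption made
    # here so that every run gives the same result.
    b = 1
    while pow((b * b - 4 * a) % p, (p - 1) // 2, p) != p - 1:
        b += 1

    def mul(s, t):
        # Product of s = s1*x + s0 and t = t1*x + t0 modulo f = x^2 - b*x + a,
        # using x^2 = b*x - a; coefficients are reduced modulo p.
        (s1, s0), (t1, t0) = s, t
        return ((s1 * t0 + s0 * t1 + s1 * t1 * b) % p,
                (s0 * t0 - s1 * t1 * a) % p)

    acc = (0, 1)                             # the constant polynomial 1
    for bit in bin((p + 1) // 2)[2:]:        # left-to-right binary exponentiation
        acc = mul(acc, acc)
        if bit == "1":
            acc = mul(acc, (1, 0))           # multiply by x
    return acc[1]                            # the x coefficient acc[0] is 0


def bezout(p, q):
    """Extended Euclidean algorithm: (yp, yq) with yp*p + yq*q == 1."""
    r0, r1, s0, s1, t0, t1 = p, q, 1, 0, 0, 1
    while r1:
        k = r0 // r1
        r0, r1 = r1, r0 - k * r1
        s0, s1 = s1, s0 - k * s1
        t0, t1 = t1, t0 - k * t1
    return s0, t0


def rabin_roots(c, p, q):
    """All square roots of c modulo N = p*q, combined with the CRT."""
    n = p * q
    mp, mq = sqrt_mod_prime(c, p), sqrt_mod_prime(c, q)
    if mp is None or mq is None:
        raise ValueError("c is not a quadratic residue modulo N")
    yp, yq = bezout(p, q)
    x = (yp * p * mq + yq * q * mp) % n
    y = (yp * p * mq - yq * q * mp) % n
    return sorted({x, -x % n, y, -y % n})


def pick_redundant(roots, k=6):
    """Keep the roots whose last k bits repeat the k bits before them."""
    mask = (1 << k) - 1
    return [r for r in roots if (r & mask) == ((r >> k) & mask)]


if __name__ == "__main__":
    roots = rabin_roots(62111, 277, 331)     # first example in the text
    print(roots, "->", pick_redundant(roots))
    print(rabin_roots(1945, 41, 53))         # second example in the text
```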


Let's move on to the discussion about the Diffie-Hellman key exchange protocol. It was the first public-key algorithm to be published. It appears in the seminal paper by Diffie and Hellman that established public-key cryptography [5]. The protocol for exchanging keys is commonly known as the Diffie-Hellman protocol. A number of commercial products employ this key exchange technique. The Diffie-Hellman key exchange protocol enables two users to securely exchange a key for subsequent encryption and decryption of messages. The algorithm is only capable of exchanging secret values. The effectiveness of the Diffie-Hellman key exchange protocol relies on the difficulty of computing discrete logarithms, which is widely regarded as a difficult problem. The following is a discussion of the Diffie-Hellman key exchange protocol:


Global public elements: q is a prime number that can define a domain, the so-called curve area or elliptic curve; a is a primitive root of q such that $a < q$.
Key generation for user A: Select a private key $X_A$ such that $X_A < q$. Calculate the public key $Y_A = a^{X_A} \bmod q$.
Key generation for user B: Select a private key $X_B$ such that $X_B < q$. Calculate the public key $Y_B = a^{X_B} \bmod q$.
Secret key for user A: $K = (Y_B)^{X_A} \bmod q$.
Secret key for user B: $K = (Y_A)^{X_B} \bmod q$.


As an illustration, consider the domain size (q) = 353 and its primitive root (a) = 3. Two users (A and B) select secret keys A = 97 and B = 233, respectively. Each of them computes a public key. For example, user A computes $X = 3^{97} \bmod 353 = 40$ and user B computes $Y = 3^{233} \bmod 353 = 248$. Following that, they exchange public keys with one another to compute secret keys in the following ways:

A computes $K = (Y)^A \bmod 353 = 248^{97} \bmod 353 = 160$.

B computes $K = (X)^B \bmod 353 = 40^{233} \bmod 353 = 160$.

There have been many surveys dedicated to Rabin's cryptosystem. Recent scientific journals have published numerous updates to Rabin's cryptosystem. Let's examine its further variations.


Hayder Raheem Hashim [6] proposed an update methodology that used three private keys instead of two. One ciphertext results in eight non-deterministic plaintexts, whereas one of them is the actual plain text. This technique has the advantage of confusing attackers while being very annoying to receivers because it requires extra effort to distinguish the original plaintext from the eight texts.


Yahia Awad et al. [7] proposed a deterministic method based on the Gaussian integer domain to choose the correct plaintext among four decryption results. The recipient can decide on a particular plaintext from four possible decryption results by selecting the obtained square root with redundancies in its imaginary part. This is the main benefit of using the Gaussian integer technique. However, the drawback is that modular reduction arithmetic can generate the same ciphertext from different plaintexts. For example, for the four plaintexts (m) = {13, 20, 57, 64}, we get the same ciphertext (c) = 15.


Manish Bhatt et al. [8] extended a deterministic technique by adding duplicated bits at the beginning of plain text before encrypting it. One of the four possible decryption results reflects the replicating bits. The other three false results, which relate to memory complexity and time complexity, are annoying to the receiver.


Masahiro Kaminaga et al. [9] discussed a fault attack technique on modular exponentiation during Rabin's encryption, where a complicated situation arose in the case of message reconstruction when the message and public key were not relatively prime. They also provided a rigorous algorithm to handle message reconstruction.


Haytham Gani [10] performed a study on the Rabin and RSA cryptosystems and provided an insightful discussion. Both Rabin's cryptosystem and RSA computed at about the same speed. Both algorithms' security relies on prime integer factorization.


Preeti Chandrakar [11] discussed a secure two-factor remote authentication scheme using the Rabin Cryptosystem. This paper showed an extended usage of Rabin's cryptosystem.


Xue-dong DONG et al. [12] modified Rabin's cryptosystem using the cubic residue technique, which successfully removed the long-cherished inconsistency of the so-called four-to-one function in Rabin's cryptosystem. However, the authors noted that it was insecure against the chosen cipher text attack. It's interesting to note that the novel method for calculating the cubic root from a cubic residue keeps a private key secret.


My research focuses on constructing a symmetric-key cryptosystem by providing a solution to overcome the ambiguity of the Michael O. Rabin Cryptosystem using mathematical concepts derived from a literature review that analyzed other people's findings in various contexts of Rabin's cryptosystems and their varieties.


A. AIMS AND OBJECTIVES 


The goal of the research is to overcome the ambiguity of Rabin's cryptosystem and develop a cryptographic technique that can encrypt and decrypt messages using a symmetric key. Therefore, the following research questions have been formulated from the research objectives to conduct this study:


RESEARCH QUESTIONS 


1. What is the obfuscation of the Michael O. Rabin Cryptosystem?
2. How do I design a mathematical model to overcome the ambiguities of the Rabin cryptosystem?


3 PROPOSED MATHEMATICAL MODEL 


3.1 Key generation model: 


$$
\begin{aligned}
K &= (Y_B)^{X_A} \bmod N \\
  &= (a^{X_B} \bmod N)^{X_A} \bmod N \\
  &= (a^{X_B})^{X_A} \bmod N \\
  &= a^{X_B X_A} \bmod N \\
  &= (a^{X_A})^{X_B} \bmod N \\
  &= (a^{X_A} \bmod N)^{X_B} \bmod N \\
  &= (Y_A)^{X_B} \bmod N
\end{aligned}
$$


3.2 Encryption model:


$H_1 = m^2 \bmod K$
$H_2 = \lfloor m^2 / K \rfloor$
$C = (H_1, H_2)$, where C = ciphertext, $H_1$ = quadratic residue and $H_2$ = floor value of quadratic quotient.


3.3 Decryption model:


$D = |\sqrt{H_2 \cdot K + H_1}|$


4 DISCUSSIONS


The proposed cryptographic technique ensures secure communication between two parties. At the initial stage, Alice and Bob create a shared secret key using the Diffie-Hellman key exchange protocol, for example. In the second stage, Bob chooses a message A = 065 according to the ASCII binary character table [13]. ASCII is a character-encoding standard for electronic communication. It represents text on a computer, telecommunications equipment, and other devices. Note that details about ASCII codes are available on the internet. After selecting an ASCII value, Bob encrypts the message as a pair of integers using a shared secret key and sends it to Alice. Finally, Alice decrypts the message. The following is the entire mathematical procedure for deciphering a message:


Step 1: Key generation process: 


[Table: Diffie-Hellman key generation between Alice and Bob, with an eavesdropper between them; for each party the columns list the known and unknown values. Recoverable entries: N = 113 and the shared secret key K = 40.]


Step 2: Encryption Process: 


In the encryption step, one of the parties encrypts a message using a shared secret key and sends it to the other party. Assume that Bob encrypts the message A = 65 using the shared secret key and sends it to Alice: $H_1 = (65)^2 \bmod 40 = 25$, $H_2 = \lfloor (65)^2 / 40 \rfloor = 105$, $C = (105, 25)$.


Step 3: Decryption Process:


In the decryption step, the receiver decrypts the message using a shared secret key. Suppose Alice receives the message and decrypts it by applying a square root to the result of $(H_2 \cdot K + H_1)$, and only the absolute value is considered for the secret message: $D = |\sqrt{H_2 \cdot K + H_1}| = |\sqrt{105 \cdot 40 + 25}| = |\sqrt{4225}| = 65 = A$ (revealed).


4.1 COMPARISON


The comparison between the proposed cryptographic technique and the Michael O. Rabin cryptosystem is as follows:


| Rabin's Crypto Scheme | Proposed Crypto Scheme |
|---|---|
| Its ciphertext is a quadratic residue. | Its ciphertext is a pair of integers. |
| Decryption generates four plaintexts. | Decryption generates a single plaintext. |
| It uses an asymmetric key. | It uses a symmetric key. |
| Michael O. Rabin's encryption and signature scheme cannot identify the same ciphertext generated from different plaintexts. | It is powerful due to its ability to distinguish the same ciphertext generated from different plaintexts. |


A disadvantage of the Michael O. Rabin cryptosystem:


$C = 64^2 \bmod 77 = 15$


$C = 57^2 \bmod 77 = 15$


The same encryption result (15) is generated from four different plaintexts (m) = {13, 20, 57, 64}. Those encryption results cannot be identified separately by the Rabin cryptosystem.


An advantage of the proposed mathematical model:


$H_1 = (13)^2 \bmod 77$, $H_2 = \lfloor (13)^2 / 77 \rfloor$


$H_1 = (20)^2 \bmod 77$, $H_2 = \lfloor (20)^2 / 77 \rfloor$


$H_1 = (57)^2 \bmod 77$, $H_2 = \lfloor (57)^2 / 77 \rfloor$, $C = (15, 42)$


$H_1 = (64)^2 \bmod 77$, $H_2 = \lfloor (64)^2 / 77 \rfloor$, $C = (15, 53)$


The proposed technique can identify each ciphertext separately.
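The key agreement, the encryption and decryption models of Section 3, and the comparison with Rabin for N = 77, put together as an added Python example (not the author's code). The function names are assumptions of this example, the pair is returned in the order $(H_1, H_2)$ of Section 3.2, and decryption additionally rejects any pair for which $H_2 \cdot K + H_1$ is not a perfect square.

```python
# Added example (not from the paper): the proposed H1/H2 scheme next to Rabin.
from math import isqrt


def dh_shared_key(q, a, x_a, x_b):
    """Diffie-Hellman agreement; returns (Y_A, Y_B, K)."""
    y_a, y_b = pow(a, x_a, q), pow(a, x_b, q)    # exchanged public keys
    k_a, k_b = pow(y_b, x_a, q), pow(y_a, x_b, q)
    if k_a != k_b:
        raise ArithmeticError("the two sides derived different keys")
    return y_a, y_b, k_a


def encrypt(m, k):
    """C = (H1, H2) = (m^2 mod K, floor(m^2 / K))."""
    if m < 0 or k < 1:
        raise ValueError("m must be non-negative and K positive")
    h2, h1 = divmod(m * m, k)
    return h1, h2


def decrypt(c, k):
    """D = |sqrt(H2*K + H1)|, rejecting pairs that are not a valid encryption."""
    h1, h2 = c
    if not 0 <= h1 < k or h2 < 0:
        raise ValueError("H1 is not a residue modulo K")
    square = h2 * k + h1
    root = isqrt(square)                          # exact integer square root
    if root * root != square:
        raise ValueError("H2*K + H1 is not a perfect square")
    return root


def rabin_encrypt(m, n):
    """Rabin ciphertext c = m^2 mod N, for comparison."""
    return m * m % n


def compare(plaintexts, n):
    """Map each plaintext to (Rabin ciphertext, proposed ciphertext pair)."""
    return {m: (rabin_encrypt(m, n), encrypt(m, n)) for m in plaintexts}


if __name__ == "__main__":
    print(dh_shared_key(353, 3, 97, 233))         # Diffie-Hellman illustration
    c = encrypt(65, 40)                           # message 'A' = 65, key K = 40
    print(c, "->", chr(decrypt(c, 40)))
    for m, (rabin_c, pair) in compare([13, 20, 57, 64], 77).items():
        print(m, rabin_c, pair, decrypt(pair, 77))
```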


5 CONCLUSIONS 


The proposed mathematical model is efficient for solving four-to-one mapping ciphertexts. It can efficiently identify each ciphertext separately generated from modular reduction arithmetic, while Rabin's cryptosystem fails. The objective of this research has been successfully achieved.


A. RECOMMENDATION: I welcome cryptographic researchers to come up with new ideas that will be more effective than the current model.


B. LIMITATION: This is a very simple idea in a cryptographic context. This work is for educational purposes only. It may not be useful for professional work.